BOVPN Notification

eichenadmineichenadmin
in Firebox - VPN Branch Office

Perhaps I am not remembering correctly, but I have it in my head that I used to get a notification message (via dimension) both when a BOVPN went down and when it comes back up. I now only seem to get the 'down' notification. Am I mis-remembering or did something change?

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    The BOVPN notification is for down. I can't find any documentation of it ever doing both.

    If you're looking for another notification that the system doesn't provide.
    -Open Firebox System Manager.
    -Go to the traffic monitor tab.
    -Right click on the black background area and select notification.
    -Find the log message that you're looking for notification for and check it.
    (The log you want notification for must have occurred recently for it to appear in this list.)
    -Save/OK.

    The notifications that dimension sends are just log messages with an email tag in them. The firewall must generate that, and dimension/WG Cloud will send notifications based on those logs.

    -James Carson
    WatchGuard Customer Support

  • HumbleSageHumbleSage

    Seems odd this isn't more easily controlled in the WebUI or WSM. I'm trying to find a way to get a "connection is back up" type of notification for my bovpn's as well. I see these happen and I don't seem to get to the System Manager fast enough to be able to set the event. Something WatchGuard should consider adding in the next minor release of their soft/firmware.

  • Bruce_BriggsBruce_Briggs

    There are many other tools which can notify you of loss of connectivity over a BOVPN and the return of connectivity.
    Most are ping based tools with email notifications

  • PhilT_VITPhilT_VIT

    Just looking at my test firewall and when I get a BOVPN up message, the following appears (IP addresses redacted):

    2025-06-03 07:23:19 iked (XX.XX.XX.XX<->YY.YY.YY.YY)'' BOVPN IPSec tunnel is established. local:AA.AA.AA.AA remote:BB.BB.BB.BB in-SA:0xd5cc89ad out-SA:0x02b079cd role:initiator msg_id="0207-0001" Event

    I'd imagine the key being msg_id "0207-0001" and shows up in WSM as something I can enable notifications against using the method mentioned by james.carson

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @PhilT_VIT
    You can, the problem with doing it this way lies with if the logging connection (from where the notifications will actually be generated) is in that path.

    If the log/dimension server is over there, it may not get the actual log message with the [email] tag in it. There is log buffering to an extent, so it depends entirely on how much log traffic is being slung around.

    If the path to the log/dimension server is different, than you'll get that notification provided it meets the rules for notification in your set-up.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.